The Changelog: Software Development, Open Source

Marcus J. Ranum’s 2005 post on dumb ideas in computer security still holds up, Barry Jones argues why story points are useless, Posting is an HTTP client as a TUI, Varnish ceator Poul-Henning Kamp (phk) reflects on ten years of working on the HTTP cache & es-tookit is a major upgrade to Lodash.

Shawn “swyx” Wang is back to talk with us about the state of DevRel according to ZIRP (the Zero Interest Rate Phenomenon), the data that backs up the rise and fall of job openings, whether or not DevRel is dead or dying, speculation of the near-term arrival of AGI, AI Engineering as the last job standing, the innovation from Cognition with Devin as well as their mis-steps during Devin’s launch, and what’s to come in the next innovation round of AI.

Paul Copplestone, CEO of Supabase (the meme-lord himself), joins the show to take us on the journey of Supabase leading Postgres for life, and how it all starts with Postgres as the base-layer substrate for the entire Supabase platform. They’re laser focused on the drive ahead, not the rear-view mirror. Disclosure: Adam and Jerod are angel investors in Supabase.

Marcus Buffett writes his younger self programming advice, Swyx asks and answers whether or not DevRel is dead, the Ghost team opens up their ActivityPub server, Pongo is like MongoDB but on Postgres, Jack Kelly is funding Ladybird because he can’t fund Firefox & Hyrum’s Law.

Adam & Jerod discuss the news! But first, we discuss how you can keep up with the software world (good question, Tyler Boyd!) On the docket: Developer job postings trend, the Ladybird Browser Initiative, the Polyfill.js supply chain attack & is the future self-hosted?

Carol Lee (Clinical Scientist) shares her research on code review anxiety. We dive deep into her recent research paper “Understanding and Effectively Mitigating Code Review Anxiety”. We get into all the nooks and crannies of this topic — common code review myths, strategies for coping, the need for awareness and self-reflection, the value of exposure and practice to build confidence, the importance of team dynamics, respect, empathy, and connection, and more. This show is jam-packed with goodies for everyone…and we even give a nod to the work we did on our podcast Brain Science.

Software developer jobs are trending down, the creator of dotenv creates a better dotenv, the Chrome team puts Gemini Nano AI model right inside your browser, a pollyfill.js supply chain attack hits 100k+ sites & Steph Ango asks, “What can we remove?”

Welcome to Kaizen 15! We go deep on the big Changelog News redesign, give shout outs to folks who’ve helped us along the way & Gerhard takes us on his journey to turn Jerod’s pipe dream into a reality!

Predrag Gruevski and Chris Krycho joined the show to talk about SemVer. We explore the challenges and the advantages of semantic versioning (aka SemVer), the need for improving the tooling around SemVer, where semantic versioning really shines and where it’s needed, Types and SemVer, whether or not there’s a better way, and why it’s not as simple as just opting out.

Søren Fuglede Jørgensen builds a font thats also an LLM, Hugo Landau writes about the demise of the mildly dynamic website, SQL Studio is the simplest little database explorer ever, Mathew Duggan reviews GitHub Copilot Workspace & Stephan Schmidt lays out the case against mocking + what to do instead.

Daniel Stenberg shares his guiding principles for BDFL’ing curl, gives us his perspective on the state of the internet, talks financial independence, ensuring curl won’t be the next XZ & more!

Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.